theregister.co.uk and IE = virus

[phishphreek]

Bofra exploit hits our ad serving supplier
By Team Register
Published Sunday 21st November 2004 16:18 GMT

Important notice Early on Saturday morning some banner advertising served for The Register by third party ad serving company Falk AG became infected with the Bofra/IFrame exploit. The Register suspended ad serving by this company on discovery of the problem.

Bofra/IFrame is a currently unpatched exploit which affects Internet Explorer 6.0 on all Windows platforms bar Windows XP SP2. If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue.

We have asked Falk for an explanation and for further details of the incident, and pending this we do not intend to restart ad-serving via the company. Falk will, we understand, be making a statement regarding the matter on Monday.

Although the matter was beyond our direct control, we do not regard it as acceptable for any Register reader to be exposed in this way, and wish to apologise sincerely to anyone who was. Further information about this particular exploit is available here or here . ®

Source

[jinxy]

I read the report last night phish,
Was to busy seing if i was infected to post.

Anyway the following may be of interest as a follow up: http://www.theregister.co.uk/2004/11...frame_exploit/

[sysmin770]

I have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.

[jinxy]

have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.

So all the bad **** would go away if we all moved to Linux?

[Tiger Shark]

Jinxy:

I have to admit, Firefox works...... I don't get anything using it compared to using IE....

However i have to admit that it demands plugins be loaded more regularly than I'd like and when you click on the "Click here to download Plugin" icon you always get "plugin not found". So, whaddya do? You open IE and watch _exactly_ what you wanted to knowing that it was safe in the fist place.....

I think it's called "sacrifice"....

[Soda_Popinsky]

I have a solution to that problem, run Linux or at least use Windows with a decent browser. I can't believe so many people still use IE after all of the publicized vulnerabilities.

Or upgrade to Service Pack 2...? If you didn't after the GDI+ vuln, then maybe you were asking for it.

I use Firefox for the plugins, not because of the inherent security bandwagon that seems to be rollin'. I say this because it seems the local repair shop (and quite a few colleagues) are installing FF on hijack victims and calling it fixed, w/o touching the real problem or upgrading the OS. I agree switching to a less functional browser is a solution, but ignorance of the patching process is worse.


<off topic rant>
Several months ago I get a typical IM from a friend who can't change their homepage. I remove a cool web search hijack among other things. I update the OS, but forget to turn on auto updates. Just a few weeks ago, same deal. I am out of town, and the campus helpdesk advises a format, and the person takes the box to Best Buy, (Geek Squad). They format the box and reinstall the OS, unpatched. This person fails to tell me about the swarm of malware they pick up the next day, and bring it back to Geek Squad. They have to pay again for the cleaning, and pay for an AV as well. Is that unethical or what?
</off topic rant>

[chsh]

Originally posted here by jinxy
So all the bad **** would go away if we all moved to Linux?

Yep.

Originally posted here by Tiger Shark
However i have to admit that it demands plugins be loaded more regularly than I'd like and when you click on the &quot;Click here to download Plugin&quot; icon you always get &quot;plugin not found&quot;. So, whaddya do? You open IE and watch _exactly_ what you wanted to knowing that it was safe in the fist place..

Are you using FF1.0? I don't have that problem, though I use it primarily on Linux.

Originally posted here by Soda_Popinsky Or upgrade to Service Pack 2...? If you didn't after the GDI+ vuln, then maybe you were asking for it.

It's a tradeoff though: fix older vulns and open new ones, or keep the older ones and wait 'til the new ones are fixed?

I use Firefox for the plugins, not because of the inherent security bandwagon that seems to be rollin'. I say this because it seems the local repair shop (and quite a few colleagues) are installing FF on hijack victims and calling it fixed, w/o touching the real problem or upgrading the OS. I agree switching to a less functional browser is a solution, but ignorance of the patching process is worse.

Someone needs to slap the local repair shop then. Patching should always be encouraged, but short of mandating automatic updates via local policy (which may be questionable in and of itself), I don't see how you'd go about fixing the problem presented.
If you don't mind my asking, why and to what do you consider FF less functional?

[Soda_Popinsky]

It's a tradeoff though: fix older vulns and open new ones, or keep the older ones and wait 'til the new ones are fixed?

There are SP2 vulnerabilities? I don't count the cmd window drag and drop, but other than that, what vulnerabilities? (and I don't count the ones that require social engineering)

If you don't mind my asking, why and to what do you consider FF less functional?

No activex. If it were to be exploited, AFAIK it would have to be through it's html or javascript interpreter, and there are many other paths to exploit IE, such as activex or whatever functions it has within the OS (I think there was a help file vulnerability, that sort of thing).

Although one exception, people (like myself) pile on the plugins on top of their FF browser. I wonder how that will effect the security of the browser, by depending on the skills of more obscure, open source extension teams. Any plugins that see the html received and handle it incorrectly can get screwed. I have a web developer toolbar installed right now, when I use functions of it, it must read the HTML of a site. What if you code something that exploits the extension and not the browser? I don't know enough of how FF is developed and if it can prevent this sort of thing from happening (i doubt it), but I believe this can happen in the future.
Good thing it's easy to update all your extensions at once. And yet again, the solution is updating.

[jinxy]

I have to admit, Firefox works

It does indead. (you know exactly where i was comeing from)

Yep.

Bet it would not take long to come back though

Infact, i have had more picked up with spybot/adaware, when i have used Firefox. Than when I have used IE service pack 2. Mind you I do tend to go places with Firefox that i would not with IE. Over confidence, "will", i'm sure kick me in the arse one day.

[TheSpecialist]

When im using XP... sometimes I'll use IE and you know what? I don't get malware at all. Then agian, unlike everyone else on the world wide web now ah'days I actually pay attention to... and yes, unlike most people sometimes I occasionally even give a damn about what happends to my computer. Oh and I don't really see why I need any type of administrative rights just to read the funny pages known as The Reg's articles.

Complaining about browsers is so stupid... you would have to be even more mentally retarded than I am to be infected with malware.